Auto-Update: 2024-05-30T06:00:38.769395+00:00

2025-07-11 16:13:34 +00:00 · 2024-05-30 06:03:30 +00:00 · 2024-05-30 06:03:30 +00:00 · 0867235441
commit 0867235441
parent 4d88391017
14 changed files with 602 additions and 15 deletions
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2253.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2253.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-2253",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T04:15:09.793",
  "lastModified": "2024-05-30T04:15:09.793",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/testimonials-carousel-elementor/trunk/widgets/testimonials-carousel/class-testimonialscarousel-employees.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d559b862-ee07-4207-8c64-81961516a046?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-30xx/CVE-2024-3063.json
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3063.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3063",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T04:15:10.140",
  "lastModified": "2024-05-30T04:15:10.140",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3088737%40wpb-elementor-addons&new=3088737%40wpb-elementor-addons&sfp_email=&sfph_mail=#file44",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a832e2b-a900-4057-96fc-1bd6899e3950?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3190.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3190.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3190",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T04:15:10.417",
  "lastModified": "2024-05-30T04:15:10.417",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this vulnerability is different in that the issue stems from an external template. It appears that older version may also be patched due to this, however, we are choosing 1.5.108 as the patched version since that is the most recent version containing as known patch."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3090199%40unlimited-elements-for-elementor&new=3090199%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78d8ddc9-69ad-4d69-ac23-5a31dfeafd54?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3269.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3269.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3269",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T04:15:10.697",
  "lastModified": "2024-05-30T04:15:10.697",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3092928/download-monitor/trunk?contextall=1&old=3070504&old_path=%2Fdownload-monitor%2Ftrunk",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c454a958-91c4-4847-91f6-dedebf857964?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-32xx/CVE-2024-3277.json
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3277.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3277",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:55.073",
  "lastModified": "2024-05-30T05:15:55.073",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/yumpu-epaper-publishing/trunk/yumpu.php#L259",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ed507ac7-6732-4315-99dd-0a8636cc9cc3?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3943.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3943.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3943",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:55.373",
  "lastModified": "2024-05-30T05:15:55.373",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L225",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/406f6bd7-f57f-4725-a36f-9846ac04f945?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3945.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3945.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3945",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:55.590",
  "lastModified": "2024-05-30T05:15:55.590",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L273",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69475bec-1f27-4793-8697-1132ac701c62?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3946.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3946.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3946",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:55.800",
  "lastModified": "2024-05-30T05:15:55.800",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L304",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de648bea-35c5-4611-aa2f-79e37a0299bb?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-39xx/CVE-2024-3947.json
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3947.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-3947",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:55.993",
  "lastModified": "2024-05-30T05:15:55.993",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/wp-todo/trunk/inc/Base/Model.php#L304",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c132cfc1-03b3-4616-9a66-871e88c857cb?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4218.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4218.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-4218",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:56.183",
  "lastModified": "2024-05-30T05:15:56.183",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.7. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was included in a 'trunk' folder. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/affieasy/tags/1.1.6",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/095a2262-1da2-4f79-896c-6d48eb079a7b?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4356.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4356.json
@ -0,0 +1,47 @@
 {
  "id": "CVE-2024-4356",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T05:15:56.540",
  "lastModified": "2024-05-30T05:15:56.540",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://wordpress.org/plugins/list-categories/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e24306a-b741-4840-b238-e37138425bf8?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5223.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5223.json
@ -0,0 +1,51 @@
 {
  "id": "CVE-2024-5223",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-05-30T04:15:10.963",
  "lastModified": "2024-05-30T04:15:10.963",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/ultimate-post/tags/4.0.4/addons/custom_font/Custom_Font.php#L13",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3093051/ultimate-post/trunk/addons/custom_font/Custom_Font.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7234d4b9-a575-428a-9d08-2dc62ba41c30?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-05-30T04:00:40.989461+00:00
+2024-05-30T06:00:38.769395+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-05-30T03:15:08.467000+00:00
+2024-05-30T05:15:56.540000+00:00
 ```
 ### Last Data Feed Release
@ -33,24 +33,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-252081
+252093
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `12`
- [CVE-2024-3726](CVE-2024/CVE-2024-37xx/CVE-2024-3726.json) (`2024-05-30T03:15:08.237`)
+- [CVE-2024-2253](CVE-2024/CVE-2024-22xx/CVE-2024-2253.json) (`2024-05-30T04:15:09.793`)
- [CVE-2024-5514](CVE-2024/CVE-2024-55xx/CVE-2024-5514.json) (`2024-05-30T03:15:08.467`)
+- [CVE-2024-3063](CVE-2024/CVE-2024-30xx/CVE-2024-3063.json) (`2024-05-30T04:15:10.140`)
 - [CVE-2024-3190](CVE-2024/CVE-2024-31xx/CVE-2024-3190.json) (`2024-05-30T04:15:10.417`)
 - [CVE-2024-3269](CVE-2024/CVE-2024-32xx/CVE-2024-3269.json) (`2024-05-30T04:15:10.697`)
 - [CVE-2024-3277](CVE-2024/CVE-2024-32xx/CVE-2024-3277.json) (`2024-05-30T05:15:55.073`)
 - [CVE-2024-3943](CVE-2024/CVE-2024-39xx/CVE-2024-3943.json) (`2024-05-30T05:15:55.373`)
 - [CVE-2024-3945](CVE-2024/CVE-2024-39xx/CVE-2024-3945.json) (`2024-05-30T05:15:55.590`)
 - [CVE-2024-3946](CVE-2024/CVE-2024-39xx/CVE-2024-3946.json) (`2024-05-30T05:15:55.800`)
 - [CVE-2024-3947](CVE-2024/CVE-2024-39xx/CVE-2024-3947.json) (`2024-05-30T05:15:55.993`)
 - [CVE-2024-4218](CVE-2024/CVE-2024-42xx/CVE-2024-4218.json) (`2024-05-30T05:15:56.183`)
 - [CVE-2024-4356](CVE-2024/CVE-2024-43xx/CVE-2024-4356.json) (`2024-05-30T05:15:56.540`)
 - [CVE-2024-5223](CVE-2024/CVE-2024-52xx/CVE-2024-5223.json) (`2024-05-30T04:15:10.963`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `3`
+Recently modified CVEs: `0`
 - [CVE-2024-4436](CVE-2024/CVE-2024-44xx/CVE-2024-4436.json) (`2024-05-30T02:15:47.300`)
 - [CVE-2024-4437](CVE-2024/CVE-2024-44xx/CVE-2024-4437.json) (`2024-05-30T02:15:47.433`)
 - [CVE-2024-4438](CVE-2024/CVE-2024-44xx/CVE-2024-4438.json) (`2024-05-30T02:15:47.537`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -243333,6 +243333,7 @@ CVE-2024-22520,0,0,9b6223a53e180c3295f59e3aa1be5500dd113bead8df3efd63052e10ac314
 CVE-2024-22523,0,0,c46fa576c9efc04bfa68e9b9b048feb02140ef1745b4ca662893a1dcd1fc7e20,2024-02-05T18:45:22.323000
 CVE-2024-22526,0,0,75ace6c927ced5f7ea482234fce681438e4968b2221e8e0044ae8bc44e2d2849,2024-04-12T12:43:46.210000
 CVE-2024-22529,0,0,f41d09d708d73657afdb982e616544d0858f64a9413ba7f1cfbd6a4f36b177fc,2024-01-31T18:42:44.573000
 CVE-2024-2253,1,1,df4c554be86698eb39eee9cf06e3eda86d2d89b582ab8c1a1f8cd2700a16feeb,2024-05-30T04:15:09.793000
 CVE-2024-22532,0,0,6fad183b739b464d3003075e09f3da32b728992a253a18db27cbf8640f312c28,2024-02-29T13:49:47.277000
 CVE-2024-22533,0,0,84ada03ee37935d281b6ef02f8758f6d805bf66c7cac8fad1d52934fdf1b61ec,2024-02-10T04:09:13.303000
 CVE-2024-22543,0,0,4bbc43f5b3e2685d1c9696fcc6499264d266d040456549b4c4eb8710fde430af,2024-02-27T14:20:06.637000
@ -248272,6 +248273,7 @@ CVE-2024-30626,0,0,dd61e51a8ba5f6151ec2012c267de9a8f4363b4511aa2015e23176fa696a1
 CVE-2024-30627,0,0,24e44b422d8dfb4f461acd1e40ed917b1185c728791e5ef89a24408fed2d5d20,2024-03-29T13:28:22.880000
 CVE-2024-30628,0,0,c1cfcec997f2b440177dbb4bb1c457eafabcb3c3a8d68d5d2db04b4e94344284,2024-03-29T13:28:22.880000
 CVE-2024-30629,0,0,7117658aa143fa0c45ef2d66dbdbe5496577b3ed8e4e0a0ce7de2a66765ffd4a,2024-03-29T13:28:22.880000
 CVE-2024-3063,1,1,d23297bd0d8ddb2e558677f2ee2e38122d2f7e72c29e7063ab1ce233afc0b67c,2024-05-30T04:15:10.140000
 CVE-2024-30630,0,0,a78dc6e5837056dc63e94f8b90ccdcfb900ec6350574c1ab0600191f9de26eb6,2024-03-29T13:28:22.880000
 CVE-2024-30631,0,0,428fc47458d23d355f563629d61eef5861a5f604ce69860222a6765139b17b6a,2024-03-29T13:28:22.880000
 CVE-2024-30632,0,0,a817d09d9ada60d9737215466a32bcc347282a2f0fd24eb4b23a6745cca6615e,2024-03-29T13:28:22.880000
@ -248894,6 +248896,7 @@ CVE-2024-3189,0,0,1214acc8d4ffdbc5da1a7913ab352a27b53d04d94b5a178d0c09d285be9bf4
 CVE-2024-31893,0,0,12d01c628fd750c0cbf441575efefbf394d1654280d687a3cb134821594970b6,2024-05-24T01:15:30.977000
 CVE-2024-31894,0,0,5d58af989adc88e1f21decb4e4b73370061e14ed54479d7579f2f2b5b7332e1e,2024-05-24T01:15:30.977000
 CVE-2024-31895,0,0,38db7df97417d61bcac3e1b48b52fd0d409c4088497b5231955dcf460bac575b,2024-05-24T01:15:30.977000
 CVE-2024-3190,1,1,09d4d21d853bdb5ff73ac7c6548b793584785b7dca93ba5fbe15daa6506cb897,2024-05-30T04:15:10.417000
 CVE-2024-31904,0,0,f581f8d898f5db4b0367557c06fa4b666380cc23610e816c03e35138e889ca3c,2024-05-24T01:15:30.977000
 CVE-2024-3191,0,0,8cf962bd9b56831bd79ade84a34de9b023bb925809cd58e4b9fc80c44fe6835a,2024-05-17T02:39:45.973000
 CVE-2024-3192,0,0,e3aebeb6cd86739531dd732871b7a29e3a45f5c2393a43be256648b47f7f7a36,2024-05-17T02:39:46.077000
@ -249419,6 +249422,7 @@ CVE-2024-32686,0,0,852c454a1d3bbf27e69c45ac3a82e5061f231ff76a794447de0366c288490
 CVE-2024-32687,0,0,a086d5b324c1fb3e15319d9ade5180576e51b429460cf8b16542df9ee987dffc,2024-04-22T13:28:34.007000
 CVE-2024-32688,0,0,7f41951b1eb13319bfb8b893fa89901a983c98497ebd74b7a49d01c4670e5fb3,2024-04-22T13:28:34.007000
 CVE-2024-32689,0,0,16874a71c9e632f769995766bf2f4ed6e183b5fc555d1d7f129ab5a8c673df33,2024-04-18T13:04:28.900000
 CVE-2024-3269,1,1,08f07170e761faa11ef1843c2c2f7880f1510deeacbc594f95cdb5748f9f5911,2024-05-30T04:15:10.697000
 CVE-2024-32690,0,0,a5c3efbe443cf42b8bcd8044eca65a720a8f83179f73ad11a935d5b1da69e0fc,2024-04-22T13:28:43.747000
 CVE-2024-32691,0,0,6bf77f40ecd5cf4c30ab2ae6de9b94e9df1ad90bb17dd1fa390b1b8ff8545003,2024-04-22T13:28:34.007000
 CVE-2024-32692,0,0,21de28715efe09392228fa104a5dd680f47fa0b3c5f64f2e6c643d84e747cf6b,2024-05-17T18:35:35.070000
@ -249474,6 +249478,7 @@ CVE-2024-32760,0,0,79cdaca9f99e33e6636cdff5c81a457807cc422bf4e494e3ee57e4eb5dee5
 CVE-2024-32761,0,0,ce6e18957362490cfabf91767930741349195476d374863f1eaf0c6108afcfd0,2024-05-08T17:05:24.083000
 CVE-2024-32764,0,0,bc3d072b957e003e653de0b420ab306da82665736b4d7b512b364e6134049d7c,2024-04-26T15:32:22.523000
 CVE-2024-32766,0,0,7119553a94fda386a48677f0171c3a85e12acf48042d943380d9db048f166a25,2024-04-26T15:32:22.523000
 CVE-2024-3277,1,1,37c84dfbe734af63638a00f5cd275238f8b1b8fc6bb014855278df04b310999c,2024-05-30T05:15:55.073000
 CVE-2024-32772,0,0,2d4fb680b13b3176b160b34c5ead370c8635624f7414f557ffce882457014cd9,2024-04-24T13:39:42.883000
 CVE-2024-32773,0,0,cdf6d9113130bad9f64f16e6cbf7c73f3f39d2ec19b8de9aad6ed1b2402687f3,2024-04-24T17:16:50.397000
 CVE-2024-32774,0,0,8dbbf5bd24cbc04a82b5688823250c2b5b1e045ea3a252123fcfbb63193a0806,2024-05-17T18:35:35.070000
@ -251078,7 +251083,7 @@ CVE-2024-3721,0,0,ec8dc4b0ad5d1d9ba11acb18015142f7d1715fd653f7ca2987e266e9c9e8ef
 CVE-2024-3722,0,0,7c1b4fae7e86bf4c1bc76a0d39819ffc592a7b598c7675ac0628daa278671c4c,2024-05-14T16:11:39.510000
 CVE-2024-3724,0,0,a2f08bb0a2e36a5c374b862fb3e4beff315b3d6672953c5eeabe10290b435e2c,2024-05-02T18:00:37.360000
 CVE-2024-3725,0,0,dd194c190207038aca40dcc17eaac7bd7c6f9f34e04d00c016e0de6cd9837da0,2024-05-02T18:00:37.360000
-CVE-2024-3726,1,1,52ab96872537730ad4a95fccb9723048ecd0492f295049d03407875a584b342b,2024-05-30T03:15:08.237000
+CVE-2024-3726,0,0,52ab96872537730ad4a95fccb9723048ecd0492f295049d03407875a584b342b,2024-05-30T03:15:08.237000
 CVE-2024-3727,0,0,6b54e6f77ad932a1228e2f32eb0944c54a5e699b6a62b1576b90d56350efe669,2024-05-14T16:11:39.510000
 CVE-2024-3728,0,0,43844043222c66b8f700e8c46db9fa69a4e80d2868161363811005c77777bc69,2024-05-02T18:00:37.360000
 CVE-2024-3729,0,0,fe9208be005903b27f9e982914c8adbe6ffd46f8d19d93e705d785ecc61de3fc,2024-05-02T18:00:37.360000
@ -251249,6 +251254,10 @@ CVE-2024-3939,0,0,8db4cbfcc78e197894431199cdad6af4ac1ac13ee2f1028e231ba1f9079317
 CVE-2024-3940,0,0,52f7bf6d70193ddf6b45db8d32585f84af1f44b7487d20897766e34b437b8581,2024-05-14T16:11:39.510000
 CVE-2024-3941,0,0,3315566f834adaa65bc779c72609390662785ebcc4aac50a6cb30731cb96d90c,2024-05-14T16:11:39.510000
 CVE-2024-3942,0,0,e822d69f7c80cdc7914f6c6d228f749a2878411b19bb34f624a4ef0b72687edf,2024-05-02T18:00:37.360000
 CVE-2024-3943,1,1,5376aed73b535466effd58d9ba9a171e2bfa8b84e688c4f6429b0da950ea585b,2024-05-30T05:15:55.373000
 CVE-2024-3945,1,1,e228b0d7ca5bac4bb5fb249f739fdecdf15d09e710cf5233a43711b697e010d9,2024-05-30T05:15:55.590000
 CVE-2024-3946,1,1,743497247ee1d58560c3514e0a4bb75f36e68e51865022cb8ac1a80c8f1f9303,2024-05-30T05:15:55.800000
 CVE-2024-3947,1,1,265159863051d3de6dbcb092f0fc64fb0c3f5f11f56a705efdd63f83c154c9d7,2024-05-30T05:15:55.993000
 CVE-2024-3948,0,0,376ea8906f03fda3c144927b149cbacf34b84dec1b654121329bc158cfe1d518,2024-05-17T02:40:12.107000
 CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000
 CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000
@ -251400,6 +251409,7 @@ CVE-2024-4213,0,0,42ea90224045d73e2b0e3583ac57d426d05abb547b5044b93cb751055084fa
 CVE-2024-4214,0,0,20486a6e70da9590b0bf48d308272f5e2303dba1772619a1d43b68b5a571b06a,2024-05-17T18:35:35.070000
 CVE-2024-4215,0,0,0d7dbfaf8275e9ff6c32259712a00cedd32b92104e92991d7893f67c59faf7d0,2024-05-03T12:50:34.250000
 CVE-2024-4216,0,0,80b76898bbc4459141293c47297450a985b668060a3a6e72db0d9ef898a4d417,2024-05-03T12:50:34.250000
 CVE-2024-4218,1,1,2a0ba4a491eb1981ee1f36d2adb27b7e6b3925de58a975c4d7a3e3e2331a44c9,2024-05-30T05:15:56.183000
 CVE-2024-4222,0,0,baaf2be5207361c5cdba494834d7fd0e14922c0bb0c21401ff4dac917c12e3a7,2024-05-16T13:03:05.353000
 CVE-2024-4223,0,0,7874da25b7633a9d0c04e6bbae5b506aa967cf75a9b041fe171571206fd80286,2024-05-16T13:03:05.353000
 CVE-2024-4225,0,0,ac71ef092dab43c080586d967efe31f36fc3673c6a3103eaf0a29ff9fdbbfa8b,2024-04-30T13:11:16.690000
@ -251491,6 +251501,7 @@ CVE-2024-4348,0,0,22aaa400d6ceaa55fdbf2a61503102f340b638c070cbc3ffa22198dc497008
 CVE-2024-4349,0,0,d7cb391ad6a3595c020e400bfefef3bf14b6d8b75d9701c79688eb2693bdea7a,2024-05-17T02:40:23.273000
 CVE-2024-4351,0,0,84a993fcb461a8c61255d21736701361dc3f453bf42043de26320f65ada00121,2024-05-16T13:03:05.353000
 CVE-2024-4352,0,0,ec2049b13794d7b7eea90d377463d8f5c3179de2c6e69d57554c5eced6269751,2024-05-16T13:03:05.353000
 CVE-2024-4356,1,1,665552b3e35c87b19e637f12854b443eebf7cafcbb889598a1c642b7847de2a5,2024-05-30T05:15:56.540000
 CVE-2024-4357,0,0,15f39a23a70c5acc3d08c2f81b16ef69b06f28ee37422807405e1ad546411072,2024-05-15T18:35:11.453000
 CVE-2024-4358,0,0,c8f40930fe3c6733bdba3289823c127651958d0def91c99c5ae0c8d826a9824a,2024-05-29T15:18:26.427000
 CVE-2024-4361,0,0,133909e17de135792173cf72624f64f1510a4ce9cc19a57a2e3a0686665955c8,2024-05-21T12:37:59.687000
@ -251536,9 +251547,9 @@ CVE-2024-4432,0,0,ae3cdd5c46c6797d426ba6ccc06dc149de7a2ef61b0f773df459dcbe1872dd
 CVE-2024-4433,0,0,a671ce2518271e49fdeb5cf5eaca489e751e352fe28902a9e3a1500395ee9006,2024-05-02T18:00:37.360000
 CVE-2024-4434,0,0,cde9fa120977e75c0573204952d5b71ccbd57bef4f0e70a5b7f5a93b9a0c5d06,2024-05-14T16:11:39.510000
 CVE-2024-4435,0,0,00fbe56a3162edeae001d58c5c5c4a8e71f65051db3777fe986060ffca8e632a,2024-05-21T12:37:59.687000
-CVE-2024-4436,0,1,a91428e5a2aa192fb6a697af879af6f14e366dc50cc143a39f5a3fcca97b187b,2024-05-30T02:15:47.300000
+CVE-2024-4436,0,0,a91428e5a2aa192fb6a697af879af6f14e366dc50cc143a39f5a3fcca97b187b,2024-05-30T02:15:47.300000
-CVE-2024-4437,0,1,61054b22af09e3b0d98a92aa8a0ef52dee86769ebfd9b1f0507b757c8842e26d,2024-05-30T02:15:47.433000
+CVE-2024-4437,0,0,61054b22af09e3b0d98a92aa8a0ef52dee86769ebfd9b1f0507b757c8842e26d,2024-05-30T02:15:47.433000
-CVE-2024-4438,0,1,b2a3938b595847aabcc899f73eb7efe44f6e3d720b2c42aa84e0abfa35309b7f,2024-05-30T02:15:47.537000
+CVE-2024-4438,0,0,b2a3938b595847aabcc899f73eb7efe44f6e3d720b2c42aa84e0abfa35309b7f,2024-05-30T02:15:47.537000
 CVE-2024-4439,0,0,d4904ab7f03492cebfcab113d16c9db0e8589fc24c413d994223fa5d5b94f71f,2024-05-03T12:48:41.067000
 CVE-2024-4440,0,0,51dabd0ed14011a33ac13484b9ff25988940854e7446055f86986b74eaffda88,2024-05-14T19:17:55.627000
 CVE-2024-4441,0,0,21bddaae6271b56b94db02a08e641400bfc943be91594296c54fd13926b71ef2,2024-05-14T16:11:39.510000
@ -251972,6 +251983,7 @@ CVE-2024-5204,0,0,f5f46d30f5f5fcefc4a351787eb0bfde8706d10be20e1d771d5abcd1008399
 CVE-2024-5205,0,0,cb36ec671fed104039900e6835467ad487e54c052bb39844cd3bc6979a6fc551,2024-05-24T13:03:11.993000
 CVE-2024-5218,0,0,928b5f8d4e08afc285c0cf6e370373ec87899b716b1cb4db68027907b01d2a82,2024-05-28T12:39:42.673000
 CVE-2024-5220,0,0,f61a4e43424028e9a9336f6f6ed766295c86a8a5421f6ff87daa2be13ac80d02,2024-05-28T12:39:42.673000
 CVE-2024-5223,1,1,0164c70f6539c9e33a94fcc48bc789cc2a7c554ed40320875d77a0c8873b0ae3,2024-05-30T04:15:10.963000
 CVE-2024-5227,0,0,9d34b575e4c4193bf3b7e2c70f772c52e473e90eee580d6cd20ca38df9886e09,2024-05-24T01:15:30.977000
 CVE-2024-5228,0,0,0a0ae3d586a473bc70cb0721078887f2918e42e82919d39880ecf7432c31100c,2024-05-24T01:15:30.977000
 CVE-2024-5229,0,0,5591fcb6917655cbf3944dcd6615ff3ff9ee2f54b68a25aab97dceee478c25ea,2024-05-28T12:39:42.673000
@ -252079,4 +252091,4 @@ CVE-2024-5428,0,0,48df461aef64d2744feebfecb3948a4ed7b72d467be8b3109a057cc13cad6e
 CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000
 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000
 CVE-2024-5437,0,0,557d2d92d351d0b9c718cc97d7a9d4fae40afc0a93c4cab84fee8196b51766e4,2024-05-29T13:02:09.280000
-CVE-2024-5514,1,1,6a150ba2c86045e5579446c550726902e275536a6c8563a4c173f99d92dc8289,2024-05-30T03:15:08.467000
+CVE-2024-5514,0,0,6a150ba2c86045e5579446c550726902e275536a6c8563a4c173f99d92dc8289,2024-05-30T03:15:08.467000